Rus Articles Journal

How to survive without antivirus?

First of all, I did not proofread this for errors: it is not an essay or a school exam, just my thoughts on the subject. Second, I tried to give instructions and advice on what to do, though sometimes there are only hints or superficial information. If you have questions or remarks, I will be glad to accept both constructive criticism and requests to learn more: lifeisound gmail doggie. com.

I warn you that this article is intended for experienced users who are at least superficially familiar with computer hardware and the structure of the OS, and who preferably have some experience of programming in any modern language. Still, I do not want to scare off the eager: anyone can repeat what is described below without any academic knowledge, and if the subject attracts you, you will perhaps learn everything necessary over time.

Let us start from the assumption that you, like me, are not a fan of antiviruses, or that you simply want to learn whether it is possible not only to do without an antivirus but also to catch viruses by hand, with minimal experience and a small set of small utilities. In any case, many will agree with me that life brings various situations, for example the banal problem of having no disk with an antivirus, a lost licence key, no Internet, and a heap of other problems. What do you lose in any case? Time, effort, money. If that means this strategy is not for you, you need not read further. Otherwise you can gain a lot: simply satisfy a thirst for knowledge, learn the principles and habits of malware and how to catch it almost barehanded, and of course gain experience if you practise and experiment. So the task is set: there is no antivirus, and

a) there is a suspicion that a virus / worm / adware / spyware / trojan, etc. has made its way in.
b) there is no suspicion, but you still want to find out whether the system is clean.

With the first option everything is clear: you have a feeling that something is wrong with the system (Neo, knock knock, wake up :). Blue screens and frequent reboots appear, windows or the keyboard get blocked, you are thrown onto other websites, or there are even stronger indications of infection, etc. As for blue screens, reboots and failure to start, viruses may not be involved at all: the problem may lie in incompatible hardware, the power supply unit, memory, bad drivers or even software, and the like. At this stage it is important to decide whether the problem is in the hardware or in the software, and only then continue fixing it. Strict logic, or a friend more familiar with repairs, will help you here. I hope everything is fine with your hardware, and we will continue the introduction to computer infections.

The second case, strangely enough, is essentially no different from the first, because there is a probability that the infection sits quietly and performs its functions without such obvious actions (steals passwords, your correspondence, and so on); in short, it hides its presence. Our task is to find out whether something illegitimate really is hiding here, or whether it is just paranoia :)

Many of the tools can be found on ru /
I will not dwell on theory or pad this out. I will just write down my thoughts on the subject.
It is something like a methodology textbook on how to catch the pest :)

0. If a file (not necessarily *.exe or *.dll; the extension can be anything) lies in any Windows subfolder and:

1. the file is up to 100 - 200 KB in size

2. there is no digital signature (check the file properties)

3. there is no company information (also in the properties)

4. the file appears to belong to a large company like Microsoft and is packed (not zip or rar archives, but *.exe packers and protectors like UPX, ASProtect, Armadillo); this becomes clear when scanning with a program like PEiD, LordPE or something newer

5. the process devours a lot of memory or processor time (heavily loads the processor)

6. it is worth looking at all open files in the system (if the virus scans the whole hard drive, you can see it touching the entire disk); do not confuse it with a defragmenter or some other third-party installed program

then there is a high probability that it is a parasite. It is worth trying to remove it, not forgetting to make a copy first, or better, to pack it and put it away.
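Two items of the checklist above (1, file size, and the "packed" half of 4) can be checked mechanically. This is an added example, not code from the original article: it reads a PE file's section table and flags the section names UPX leaves behind. The function names and the constructed sample header are assumptions for illustration; other packers, signatures and company information are not covered.

```python
import struct

PACKER_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}  # names UPX gives its sections
SMALL_FILE_LIMIT = 200 * 1024                   # the 100 - 200 KB rule of thumb


def section_names(data):
    """Return the section names of a PE image, or None if data is not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return None
    n_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                     # first section header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            break                                      # truncated table
        names.append(raw.rstrip(b"\0"))
    return names


def triage(data):
    """Return the checklist items this file trips (empty for non-PE data)."""
    names = section_names(data)
    if names is None:
        return []
    hits = []
    if len(data) <= SMALL_FILE_LIMIT:
        hits.append("1: small file")
    if PACKER_SECTIONS & set(names):
        hits.append("4: packer section names")
    return hits


def build_sample(names):
    """Constructed minimal PE header for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)
    return dos + coff + b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)


if __name__ == "__main__":
    print(triage(build_sample([b"UPX0", b"UPX1", b".rsrc"])))
    print(triage(build_sample([b".text", b".data"])))
```

A hit is only a reason to look closer with the other checklist items, since legitimate software is sometimes packed too.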

It is worth doing one important thing once: creating a reference MD5 file of the most important files. I will explain what that is. As soon as we have reinstalled the system and started with a clean slate, i.e. from a fresh, clean disk, we take the whole c:/windows folder with all nested folders and compute MD5 checksums of all the system files with any utility that produces a full report after fingerprinting the files. Now we can automate this, for example through batch files

*.bat and *.cmd, creating scripts that run the preventive check. That is, what does the batch file do? It starts our program to compute the new MD5 sums and then, once the new report is created, compares it to the clean reference report; if differences come to light, it is time to sound the alarm and raise your guard. From the OS's own arsenal you can take the fc.exe utility, which lies in c:/Windows/system32 (see fc /?). Binary comparison is worth using if you just need to compare two programs or libraries; ready MD5 reports can also be compared as text.

But there can also be exceptions here, because:
1. Downloaded Microsoft updates can of course replace a system file with a patched one
2. updates from third-party companies: Adobe, Sony and many others
3. you yourself copied, for example, a *.dll file into the system folder and forgot that you replaced it with another version :)

What follows from this is that all these updates, patches, reinstallations, installations of new programs, etc. have to be taken into account. This pushes us toward keeping logs on the system. The OS already has a logging system for many changes (Control Panel - event logs), but something special can be installed as well.
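The reference-report routine described above, as an added example that is not part of the original article: it fingerprints a folder tree, saves the report, and on later runs splits the differences into added, removed and modified files so that they can be checked against known updates and installs. The function names and report format are assumptions; MD5 is used because it is what the article describes.

```python
import hashlib
import os
import sys


def snapshot(root, algo="md5"):
    """Return {relative_path: hex_digest} for every file under root."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            h = hashlib.new(algo)
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)
                digests[rel] = h.hexdigest()
            except OSError:
                # Locked or unreadable files are recorded, not skipped.
                digests[rel] = "UNREADABLE"
    return digests


def compare(reference, current):
    """Split the differences into added, removed and modified paths."""
    both = set(reference) & set(current)
    return {
        "added": sorted(set(current) - set(reference)),
        "removed": sorted(set(reference) - set(current)),
        "modified": sorted(p for p in both if reference[p] != current[p]),
    }


def save(report, path):
    with open(path, "w", encoding="utf-8") as fh:
        for rel, digest in sorted(report.items()):
            fh.write(f"{digest}  {rel}\n")


def load(path):
    with open(path, encoding="utf-8") as fh:
        pairs = (ln.rstrip("\n").split("  ", 1) for ln in fh if ln.strip())
        return {rel: digest for digest, rel in pairs}


if __name__ == "__main__":
    root, ref = sys.argv[1], sys.argv[2]
    if not os.path.exists(ref):
        save(snapshot(root), ref)   # first run, on the clean install
    else:
        print(compare(load(ref), snapshot(root)))
```

Keep the reference report somewhere the monitored system cannot write to, otherwise whatever replaces a file can replace its fingerprint as well.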

Many forget, and some do not even know, that the OS itself can check the integrity of system files; the tool is called sfc.exe. It is trivially simple: open Run (Windows+R) -> cmd -> sfc.exe /scannow and get the result. In XP it used to be possible to change a registry key (regedit.exe) that either enabled or disabled this protection, and malicious programs made use of the latter; I have not looked into whether such a key exists in Windows 7, so search the help. So if sfc finds replaced files, you just need to insert the OS disk and it will restore the necessary files. It has happened that some time passes and the files are replaced again, and so on in a circle; even if the disk lies in the drive the whole day, the endless rustling and drive access becomes annoying. That means something keeps touching the files and replacing them, and this infection has to be found and removed.

One more point is verification of the digital signatures of drivers and system files with c:/Windows/system32/sigverif.exe; it is also simple to use and needs no explanation.
sfc.exe or sigverif can be run at startup by attaching a batch file, or these verifiers can be started on a schedule.

How do we remove an infection once we have found it but cannot delete it, or the system complains that the file is in use and cannot be deleted? First, it is worth trying safe mode (F8 while the computer boots); this works for old parasitic programs. Second, if the parasite is new and able to protect itself in safe mode, boot from a live CD or a bootable USB stick with a similar system and a file manager installed, at least to delete the parasite. Third, there is the exotic option of removing the hard drive and attaching it as a slave, so that you boot not from it but from another drive, and clean what is necessary.

It is important to understand that when the system is infected, it is better not to boot from it, because the parasite will then also switch on its protection, which you will not be able to remove manually. One option is to freeze the file system, as, for example, Oleg Zaytsev's AVZ anti-virus scanner does; you can look for something similar and apply it to your needs. All the details can be found in the book by the same author.
Programs have long existed that can not only get access to busy files but also delete or copy them; you can try them as well.

Everything of course comes down to writing your own antivirus; that can be done too. I just wanted to show that it is possible not to use an antivirus. You need not bother with all the techniques I described: use any one of them, or just keep them in mind for the future.

As for parasites like adware, spyware, etc., there we are already dealing with junk in memory. Infection is usually through *.dll files, but not only through libraries: there is also interception of the API of system libraries and many other things. This is more serious business, and you need to be able to use debuggers, hex editors and many other tools used by programmers, crackers, etc. But even here not everything is as terrible as it may seem at first sight (though without initial theory it will seem dark).